dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0074-UTIL-Convert-domain-disabled-into-tri-state-with-dom.patch

6cf099
From 875a41bcd24d1deb2bd190eaaaf7a366de128cee Mon Sep 17 00:00:00 2001
6cf099
From: Jakub Hrozek <jhrozek@redhat.com>
6cf099
Date: Tue, 18 Aug 2015 15:15:44 +0000
6cf099
Subject: [PATCH 74/87] UTIL: Convert domain->disabled into tri-state with
6cf099
 domain states
6cf099
MIME-Version: 1.0
6cf099
Content-Type: text/plain; charset=UTF-8
6cf099
Content-Transfer-Encoding: 8bit
6cf099
6cf099
Required for:
6cf099
https://fedorahosted.org/sssd/ticket/2637
6cf099
6cf099
This is a first step towards making it possible for domain to be around,
6cf099
but not contacted by Data Provider.
6cf099
6cf099
Also explicitly create domains as active, previously we only relied on
6cf099
talloc_zero marking dom->disabled as false.
6cf099
6cf099
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
6cf099
---
6cf099
 src/confdb/confdb.c                      |  2 ++
6cf099
 src/confdb/confdb.h                      | 19 ++++++++++++++++++-
6cf099
 src/db/sysdb_subdomains.c                |  7 +++++--
6cf099
 src/providers/ad/ad_subdomains.c         |  2 +-
6cf099
 src/providers/ipa/ipa_subdomains.c       |  2 +-
6cf099
 src/responder/common/responder_common.c  |  5 +++--
6cf099
 src/tests/cmocka/test_sysdb_subdomains.c |  6 +++++-
6cf099
 src/tests/cmocka/test_utils.c            |  6 +++---
6cf099
 src/util/domain_info_utils.c             | 20 +++++++++++++++++---
6cf099
 src/util/util.h                          |  3 +++
6cf099
 src/util/util_errors.c                   |  1 +
6cf099
 src/util/util_errors.h                   |  1 +
6cf099
 12 files changed, 60 insertions(+), 14 deletions(-)
6cf099
6cf099
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
6cf099
index 3a8a1c01b92e62302ac4f787ccd085be9d8f05c3..c097aad7745eda4fff051c7da027776f95db0f03 100644
6cf099
--- a/src/confdb/confdb.c
6cf099
+++ b/src/confdb/confdb.c
6cf099
@@ -1342,6 +1342,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
6cf099
     domain->has_views = false;
6cf099
     domain->view_name = NULL;
6cf099
 
6cf099
+    domain->state = DOM_ACTIVE;
6cf099
+
6cf099
     *_domain = domain;
6cf099
     ret = EOK;
6cf099
 done:
6cf099
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
6cf099
index 9aa264899e789f2491b9873daf44bb55aff1c95d..e8c1caa67852a8f3d9d74fc61dbe6f8b4169daf7 100644
6cf099
--- a/src/confdb/confdb.h
6cf099
+++ b/src/confdb/confdb.h
6cf099
@@ -215,6 +215,23 @@
6cf099
 struct confdb_ctx;
6cf099
 struct config_file_ctx;
6cf099
 
6cf099
+/** sssd domain state */
6cf099
+enum sss_domain_state {
6cf099
+    /** Domain is usable by both responders and providers. This
6cf099
+     * is the default state after creating a new domain
6cf099
+     */
6cf099
+    DOM_ACTIVE,
6cf099
+    /** Domain was removed, should not be used be neither responders
6cf099
+     * not providers.
6cf099
+     */
6cf099
+    DOM_DISABLED,
6cf099
+    /** Domain cannot be contacted. Providers return an offline error code
6cf099
+     * when receiving request for inactive domain, but responders should
6cf099
+     * return cached data
6cf099
+     */
6cf099
+    DOM_INACTIVE,
6cf099
+};
6cf099
+
6cf099
 /**
6cf099
  * Data structure storing all of the basic features
6cf099
  * of a domain.
6cf099
@@ -277,7 +294,7 @@ struct sss_domain_info {
6cf099
     struct sss_domain_info *prev;
6cf099
     struct sss_domain_info *next;
6cf099
 
6cf099
-    bool disabled;
6cf099
+    enum sss_domain_state state;
6cf099
     char **sd_inherit;
6cf099
 
6cf099
     /* Do not use the forest pointer directly in new code, but rather the
6cf099
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
6cf099
index 142520c1836d74ef7bc5c5269487b8971f261b88..546dc1c8d7e5e30ce9e0b56b097894d24d8c94a7 100644
6cf099
--- a/src/db/sysdb_subdomains.c
6cf099
+++ b/src/db/sysdb_subdomains.c
6cf099
@@ -111,6 +111,8 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
6cf099
     dom->enumerate = enumerate;
6cf099
     dom->fqnames = true;
6cf099
     dom->mpg = mpg;
6cf099
+    dom->state = DOM_ACTIVE;
6cf099
+
6cf099
     /* If the parent domain filters out group members, the subdomain should
6cf099
      * as well if configured */
6cf099
     inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS,
6cf099
@@ -268,7 +270,7 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
6cf099
     /* disable all domains,
6cf099
      * let the search result refresh any that are still valid */
6cf099
     for (dom = domain->subdomains; dom; dom = get_next_domain(dom, false)) {
6cf099
-        dom->disabled = true;
6cf099
+        sss_domain_set_state(dom, DOM_DISABLED);
6cf099
     }
6cf099
 
6cf099
     if (res->count == 0) {
6cf099
@@ -312,7 +314,8 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
6cf099
         /* explicitly use dom->next as we need to check 'disabled' domains */
6cf099
         for (dom = domain->subdomains; dom; dom = dom->next) {
6cf099
             if (strcasecmp(dom->name, name) == 0) {
6cf099
-                dom->disabled = false;
6cf099
+                sss_domain_set_state(dom, DOM_ACTIVE);
6cf099
+
6cf099
                 /* in theory these may change, but it should never happen */
6cf099
                 if (strcasecmp(dom->realm, realm) != 0) {
6cf099
                     DEBUG(SSSDBG_TRACE_INTERNAL,
6cf099
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
6cf099
index 9b42f03a0067ab5844432a0f19dd2930dcc200c9..d1d468043410c80e6bf7f0f48a13bd9e962552af 100644
6cf099
--- a/src/providers/ad/ad_subdomains.c
6cf099
+++ b/src/providers/ad/ad_subdomains.c
6cf099
@@ -376,7 +376,7 @@ static errno_t ad_subdomains_refresh(struct ad_subdomains_ctx *ctx,
6cf099
 
6cf099
         if (c >= count) {
6cf099
             /* ok this subdomain does not exist anymore, let's clean up */
6cf099
-            dom->disabled = true;
6cf099
+            sss_domain_set_state(dom, DOM_DISABLED);
6cf099
             ret = sysdb_subdomain_delete(dom->sysdb, dom->name);
6cf099
             if (ret != EOK) {
6cf099
                 goto done;
6cf099
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
6cf099
index b2e2fec353f7b168d28a880cb0f1b6181abb1ccb..089736b47d8f384a8024682dd203d324292df9ce 100644
6cf099
--- a/src/providers/ipa/ipa_subdomains.c
6cf099
+++ b/src/providers/ipa/ipa_subdomains.c
6cf099
@@ -528,7 +528,7 @@ static errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx,
6cf099
 
6cf099
         if (c >= count) {
6cf099
             /* ok this subdomain does not exist anymore, let's clean up */
6cf099
-            dom->disabled = true;
6cf099
+            sss_domain_set_state(dom, DOM_DISABLED);
6cf099
             ret = sysdb_subdomain_delete(dom->sysdb, dom->name);
6cf099
             if (ret != EOK) {
6cf099
                 goto done;
6cf099
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
6cf099
index 36e7f15948632e9c637886dee259b494e46ceecb..2097004cb0fc24d8b356f9d924243f948227ef58 100644
6cf099
--- a/src/responder/common/responder_common.c
6cf099
+++ b/src/responder/common/responder_common.c
6cf099
@@ -923,7 +923,7 @@ responder_get_domain(struct resp_ctx *rctx, const char *name)
6cf099
     struct sss_domain_info *ret_dom = NULL;
6cf099
 
6cf099
     for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) {
6cf099
-        if (dom->disabled) {
6cf099
+        if (sss_domain_get_state(dom) == DOM_DISABLED) {
6cf099
             continue;
6cf099
         }
6cf099
 
6cf099
@@ -958,7 +958,8 @@ errno_t responder_get_domain_by_id(struct resp_ctx *rctx, const char *id,
6cf099
     id_len = strlen(id);
6cf099
 
6cf099
     for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) {
6cf099
-        if (dom->disabled || dom->domain_id == NULL) {
6cf099
+        if (sss_domain_get_state(dom) == DOM_DISABLED ||
6cf099
+                dom->domain_id == NULL) {
6cf099
             continue;
6cf099
         }
6cf099
 
6cf099
diff --git a/src/tests/cmocka/test_sysdb_subdomains.c b/src/tests/cmocka/test_sysdb_subdomains.c
6cf099
index 82e77815ec848afcdedc90e35e440f7532b5c0b2..8d1a26a5918eaa9dec975c360f69840400e4bd2c 100644
6cf099
--- a/src/tests/cmocka/test_sysdb_subdomains.c
6cf099
+++ b/src/tests/cmocka/test_sysdb_subdomains.c
6cf099
@@ -151,7 +151,11 @@ static void test_sysdb_subdomain_create(void **state)
6cf099
     ret = sysdb_update_subdomains(test_ctx->tctx->dom);
6cf099
     assert_int_equal(ret, EOK);
6cf099
 
6cf099
-    assert_true(test_ctx->tctx->dom->subdomains->disabled);
6cf099
+    assert_int_equal(sss_domain_get_state(test_ctx->tctx->dom->subdomains),
6cf099
+                     DOM_DISABLED);
6cf099
+    assert_int_equal(
6cf099
+            sss_domain_get_state(test_ctx->tctx->dom->subdomains->next),
6cf099
+            DOM_DISABLED);
6cf099
 }
6cf099
 
6cf099
 static void test_sysdb_master_domain_ops(void **state)
6cf099
diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c
6cf099
index c7ebe0997ec00197e8852bedbcf26ef1f6394fc3..0f72434ca77fbfe1bd88a75fd932719dbfc59444 100644
6cf099
--- a/src/tests/cmocka/test_utils.c
6cf099
+++ b/src/tests/cmocka/test_utils.c
6cf099
@@ -259,7 +259,7 @@ void test_find_domain_by_name_disabled(void **state)
6cf099
         dom = dom->next;
6cf099
     }
6cf099
     assert_non_null(dom);
6cf099
-    dom->disabled = true;
6cf099
+    sss_domain_set_state(dom, DOM_DISABLED);
6cf099
 
6cf099
     for (c = 0; c < test_ctx->dom_count; c++) {
6cf099
         name = talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c);
6cf099
@@ -426,7 +426,7 @@ void test_find_domain_by_sid_disabled(void **state)
6cf099
         dom = dom->next;
6cf099
     }
6cf099
     assert_non_null(dom);
6cf099
-    dom->disabled = true;
6cf099
+    sss_domain_set_state(dom, DOM_DISABLED);
6cf099
 
6cf099
     for (c = 0; c < test_ctx->dom_count; c++) {
6cf099
         name = talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c);
6cf099
@@ -578,7 +578,7 @@ static void test_get_next_domain_disabled(void **state)
6cf099
     struct sss_domain_info *dom = NULL;
6cf099
 
6cf099
     for (dom = test_ctx->dom_list; dom; dom = get_next_domain(dom, true)) {
6cf099
-        dom->disabled = true;
6cf099
+        sss_domain_set_state(dom, DOM_DISABLED);
6cf099
     }
6cf099
 
6cf099
     dom = get_next_domain(test_ctx->dom_list, true);
6cf099
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
6cf099
index 4eabcff7a0e0af342ec3833d24da26ede0cb5148..ffbb9475b27a45c07e2e0936464c6e68ed682052 100644
6cf099
--- a/src/util/domain_info_utils.c
6cf099
+++ b/src/util/domain_info_utils.c
6cf099
@@ -50,7 +50,10 @@ struct sss_domain_info *get_next_domain(struct sss_domain_info *domain,
6cf099
         } else {
6cf099
             dom = NULL;
6cf099
         }
6cf099
-        if (dom && !dom->disabled) break;
6cf099
+
6cf099
+        if (dom && sss_domain_get_state(dom) != DOM_DISABLED) {
6cf099
+            break;
6cf099
+        }
6cf099
     }
6cf099
 
6cf099
     return dom;
6cf099
@@ -91,7 +94,7 @@ struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain,
6cf099
         return NULL;
6cf099
     }
6cf099
 
6cf099
-    while (dom && dom->disabled) {
6cf099
+    while (dom && sss_domain_get_state(dom) == DOM_DISABLED) {
6cf099
         dom = get_next_domain(dom, true);
6cf099
     }
6cf099
     while (dom) {
6cf099
@@ -119,7 +122,7 @@ struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain,
6cf099
 
6cf099
     sid_len = strlen(sid);
6cf099
 
6cf099
-    while (dom && dom->disabled) {
6cf099
+    while (dom && sss_domain_get_state(dom) == DOM_DISABLED) {
6cf099
         dom = get_next_domain(dom, true);
6cf099
     }
6cf099
 
6cf099
@@ -730,3 +733,14 @@ done:
6cf099
 
6cf099
     return ret;
6cf099
 }
6cf099
+
6cf099
+enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom)
6cf099
+{
6cf099
+    return dom->state;
6cf099
+}
6cf099
+
6cf099
+void sss_domain_set_state(struct sss_domain_info *dom,
6cf099
+                          enum sss_domain_state state)
6cf099
+{
6cf099
+    dom->state = state;
6cf099
+}
6cf099
diff --git a/src/util/util.h b/src/util/util.h
6cf099
index c998e91f92b0a86e0f4308ff0c07ff802588b5cf..4655e90a89b0ff3c457b80c943aefc4d6cf8e21f 100644
6cf099
--- a/src/util/util.h
6cf099
+++ b/src/util/util.h
6cf099
@@ -565,6 +565,9 @@ struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain,
6cf099
                                             bool match_any);
6cf099
 struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain,
6cf099
                                            const char *sid);
6cf099
+enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom);
6cf099
+void sss_domain_set_state(struct sss_domain_info *dom,
6cf099
+                          enum sss_domain_state state);
6cf099
 
6cf099
 struct sss_domain_info*
6cf099
 sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain,
6cf099
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
6cf099
index 735f6dcfc7af33edcc886fd106cb3655bcc9566a..0e288e3908bf03b4906bb449bd0f3445d22a303e 100644
6cf099
--- a/src/util/util_errors.c
6cf099
+++ b/src/util/util_errors.c
6cf099
@@ -79,6 +79,7 @@ struct err_string error_to_str[] = {
6cf099
     { "Retrieving keytab failed" }, /* ERR_IPA_GETKEYTAB_FAILED */
6cf099
     { "Trusted forest root unknown" }, /* ERR_TRUST_FOREST_UNKNOWN */
6cf099
     { "p11_child failed" }, /* ERR_P11_CHILD */
6cf099
+    { "Subdomain is inactive" }, /* ERR_SUBDOM_INACTIVE */
6cf099
     { "ERR_LAST" } /* ERR_LAST */
6cf099
 };
6cf099
 
6cf099
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
6cf099
index fbfbdef334be1fb8a525b78ab6336d616b31a189..da926db00121f569048ec515e95f0547ae6c4e35 100644
6cf099
--- a/src/util/util_errors.h
6cf099
+++ b/src/util/util_errors.h
6cf099
@@ -101,6 +101,7 @@ enum sssd_errors {
6cf099
     ERR_IPA_GETKEYTAB_FAILED,
6cf099
     ERR_TRUST_FOREST_UNKNOWN,
6cf099
     ERR_P11_CHILD,
6cf099
+    ERR_SUBDOM_INACTIVE,
6cf099
     ERR_LAST            /* ALWAYS LAST */
6cf099
 };
6cf099
 
6cf099
-- 
6cf099
2.4.3
6cf099